Apache ofbiz rce | CVE-2020-9496 PoC
#Apacheofbiz unauth rce vulnerability : #CVE-2020-9496
Apache OFBiz is an open source enterprise resource planning (ERP) system. It provides a suite of enterprise applications that integrate and automate many of the business processes of an enterprise.
https://youtu.be/DO93Xc8sGWg
CVE-2020-7048 PoC | WordPress Database Reset Plugin Vulnerability
Vulnerabilities in the WordPress Database Reset plugin allow attackers to capture or erase a site database. Wordfence specialists report that at the beginning of January, dangerous vulnerabilities were discovered in the popular WordPress Database Reset plugin, installed on more than 80,000 sites. This plugin, developed by WebFactory Ltd, is designed to assist with database setup and quick resets to default settings. As a result, the bugs can be used to capture sites and reset tables in the database.
https://youtu.be/nj_dqcvrwp4
From XSS in WordPress Core (CVE-2020-4046) to RCE
A long-lived XSS vulnerability was patched in WordPress 5.4.2. It allowed any authenticated user with privileges to create or edit a post to embed arbitrary JavaScript within the post. When the post was later viewed, the code executed in the context of the site.
https://youtu.be/tCh7Y8z8fb4
Alh4zr3d - Type Juggling Leading to Auth Bypass!
For the final machine in the "Starting Point" track, we had the opportunity to bypass the login in a really interesting way: utilizing PHP's strange, eldritch logic for performing comparisons between objects of different types!
https://youtu.be/vn-kHZcdnzQ
HacktheBox "Base" - Type Juggling Leading to Auth Bypass!
Twitch: https://twitch.tv/alh4zr3d…
API hacking with postman - @TheXSSrat
https://www.youtube.com/watch?v=rdxVgV8dOnQ&list=PLd92v1QxPOprsg5fTjGBApq4rpb0G-N8L
API hacking with postman Part 1 - getting the basics down
APIs are everywhere, and it can only do us good to learn how to hack them while they're still growing so fast. We can grow along! :D
Uncle rat's courses:
https://thexssrat.podia.com
DevSecCon24
DevSecCon24 is a global, vendor-neutral, community-driven conference that connects developers, security and operations teams to learn and enable the integration of security into their development practices.
https://events.bizzabo.com/308842/agenda
Forwarded from w0rk3r's Blue team Library (Jonhnathan Jonhnathan Jonhnathan)
BloodHound versus Ransomware: A Defender’s Guide
https://posts.specterops.io/bloodhound-versus-ransomware-a-defenders-guide-28147dedb73b
@BlueTeamLibrary
John McAfee, creator of the McAfee antivirus, found dead in Barcelona prison
The businessman was being held in pretrial detention in Spain on tax fraud charges and was to be extradited to the US. He was 75 years old and was one of the pioneers of the antivirus market for personal computers.
https://g1.globo.com/economia/tecnologia/noticia/2021/06/23/john-mcafee-criador-do-antivirus-mcaffe-e-encontrado-morto-dizem-jornais.ghtml
Grupo Fleury targeted by cyberattack
Grupo Fleury's online systems were the target of an attempted cyberattack this Tuesday (22) and have been offline since then. In a statement released to the press, the company confirmed the attack on its Information Technology environment, which left part of its operations unavailable.
https://www.tecmundo.com.br/seguranca/219831-grupo-fleury-alvo-ataque-cibernetico.htm
Several services on the website of the company, which specializes in medical exams, became unavailable after the external intrusion attempt.
Hide ‘N Seek Botnet Updates Arsenal with Exploits Against Nexus Repository Manager & ThinkPHP
The Hide 'N Seek botnet was first discovered in January 2018 and is known for its unique use of Peer-to-Peer communication between bots.
Since its discovery, the malware family has seen a couple of upgrades, from the addition of persistence and new exploits, to targeting Android devices via the Android Debug Bridge (ADB).
https://unit42.paloaltonetworks.com/hide-n-seek-botnet-updates-arsenal-with-exploits-against-nexus-repository-manager-thinkphp/